HIPAA Compliance and Managed IT Services
The HIPAA Security Rule established national standards for covered entities and their business associates to protect electronic personal health information (ePHI). Its security safeguards were put in place to ensure the confidentiality and security of ePHI.
By September 23, 2013, HIPAA/HITECH was in full effect, with requirements to implement and update security policies and procedures, update HIPAA privacy notes, and conduct training. Other dates for the new security rules were:
- April 8, 2014 – End of support for Windows XP and Exchange 2003
- July 14, 2015 – End of support for Windows Server 2003
- January 1, 2015 – Meaningful use penalties for Medicare providers
You are open to compliance violations if:
- You send emails to patients WITHOUT utilizing encryption software.
- You’re still using software that Microsoft no longer supports with security patches (such as Windows XP or Exchange 2003).
- Your computer and server are NOT encrypted.
- Your systems administration does not have proper HIPAA policies and procedures documented.